Hacking, Drinking, & Hacking...

When: June 9th, 2018
Time: 10:00 AM to 11:59 PM
Where: GeniusDen 3106 Commerce St, Dallas, TX 75226

RSVP on Meetup

Food & Drinks:

• There are several great places nearby to grab food.
• There will be some free booze (vodka, whiskey, beer) If you want you can bring some more.

Rules:

• Must participate. Researching for others counts
• If you find a vulnerability it's yours.
• If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
• Smoking analog or vape please step outside.
• Targets are on 192.168.66.0/24 network stay there :)
• Don't be a dick.

Prize's:

• Most found CVE's - $50 Gift Card to Amazon
• Best vulnerability found - $25 Gift Card to Amazon
• Community MVP - $25 Gift Card to Amazon
• Miss Congeniality - Hugs and Free 0DayAllDay t-shirt

Hacking:

This quarters theme is Password Managers and their associated Android applications.

• Keeper Security (Business) BugCrowd
• 1Password BugCrowd
• Thycotic Secret Server
• ManageEngine Password Manager Pro
• ZOHO Vault BugBounty

Details of targets

• Domain Server and General Info

  • HOST
    • Domain Controller Windows Server 2016
    • IP: 192.168.66.100
    • Domain: blackmarble.sh
    • Admin: administrator
    • Pass: ][Password][
    • Other users:
      • fox.zero
      • fox.one
      • ...
      • fox.ten
    • Global Read-Only Share: //WIN-7LPVLIICTR2/Data
      • cacert.pem This file is for importing into Burp for Android.
      • apks folder has all the .apk install files along with the decompiled source code.
      • Keeper folder has the install files for keeper along with it's agents.
      • ManageEngine PMP folder has the Windows agent and the installer.
      • gray folder has a .net decompiler program and injector
      • Thycotic has the agents and installer.
    • Global Read/Write Share: //WIN-7LPVLIICTR2/Share
      • Feel free to put whatever here.
  • Software
    • Thycotic Secret Server
      • URL: https://192.168.66.100/SecretServer
      • USER: admint
      • PASS: ][Password][
    • Thycotic Privliage Manager
      • URL: https://192.168.66.100/TMS/PrivilegeManager
      • USER: admint
      • PASS: ][Password][
    • ManageEngine Password Manager Pro
      • URL: https://192.168.66.100:7272/PassTrixMain.cc
      • USER: admin
      • PASS: admin
    • Keeper
      • Connector (bridge) is setup on 192.168.66.100
      • URL: https://keepersecurity.com/en_US/console/#login
      • USER: init6@init6.me
      • PASS: Will be disclosed at event.
    • ZOHO Vault
      • Connector (bridge) is setup on 192.168.66.100
      • URL: https://vault.zoho.com/online/main
      • USER: init6@init6.me
      • PASS: Will be disclosed at event.
    • 1Password (Online Only)

• Android

  • HOST

    • http://www.android-x86.org
    • IP: 192.168.11.11
    • VNC Ports: 6000 - 6017
    • To connect I suggest using Remmina.
    • Google User: blackmarble@gmail.com
    • Google Pass: Will be disclosed at event if you need it.

  • Software

    • Keeper
    • Thycotic Secret Server
    • Thycotic PAM
    • Password Manager - Zoho Vault
    • PMP (Couldn't get to work)
    • LastPass
    • Norton IDSafe
    • Google Play store works, If you want to attack something else thats okay.

  • Burp Configuration

    • Import the cacert.pem into your Burp. (Make sure you regenerate after you leave)
    • In the Android VM, Hit ALT+F1 to access terminal.
    • su to root
    • Configure iptables to redirect traffic to your Burp.
    • iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
    • iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
    • Restart the VM if you want to flush out existing iptable rules.
    • If you want to use your own cert check out my blog entry here

  • ADB Configuration

    • Android Documentation can be found here
    • In the Android VM, Hit ALT+F1 to access terminal.
    • Get the IP Address: ifconfig
    • adb connect ip_address